Module is using a non-existing permission

Created on 10 February 2024, about 1 year ago

Problem/Motivation

Non-admins can't see the list of feedback as the access check is using a non-existing permission.

Steps to reproduce

Create a user associated with a role which has all Feedback permissions.
User can't access /admin/content/feedback_message

Proposed resolution

Add the 'view unpublished feedback message entities' to feedback.permissions.yml

🐛 Bug report
Status

Active

Version

3.0

Component

Code

Created by

🇨🇦Canada quadbyte

Comments & Activities

  • Issue created by @quadbyte
  • 🇮🇹Italy apaderno Brescia, 🇮🇹

    The permission is already present in the feedback.permissions.yml file.

    view unpublished feedback message entities:
      title: 'View unpublished Feedback message entities'
    
  • 🇨🇦Canada quadbyte

    Sorry, I had a wrong copy/paste in my initial post.
    The missing one is: "view feedback message entities"

  • 🇬🇧United Kingdom yanniboi UK

    I can confirm this issue and I would suggest using the "administer feedback message entities" permission for the collection page.

  • Status changed to Needs review 8 months ago
  • 🇬🇧United Kingdom yanniboi UK

    I've created a PR to fix this. :)

  • Pipeline finished with Success
    8 months ago
    Total: 148s
    #210970
  • 🇬🇧United Kingdom yanniboi UK
  • 🇮🇹Italy apaderno Brescia, 🇮🇹
  • Status changed to Needs work 5 months ago
  • 🇫🇮Finland iSampo

    Accessing the listing using the `administer feedback message entities` permission works with the latest MR and is better already as now the collection can be accessed. Attached the change as a static patch for composer projects.

    Anyhow, it might need to be re-thought though, as the current description for the permission is "Allow to access the administration form to configure Feedback message entities.", which kind of implies that it is meant to be a much deeper permission, and it's also defined as `admin_permission` in the FeedbackMessage entity.

    A new `access feedback overview` permission could make sense, as that's the way the collection route permissions are usually defined. For example, Taxonomy has `collection_permission = "access taxonomy overview"` in its Entity definition.

  • First commit to issue fork.
  • 🇨🇦Canada mparker17 UTC-4

    While writing tests in "Add automated tests", I ran into this problem as well.

    I daresay calling it `access feedback message list` would be even more clear.

    FWIW, this wasn't proposed in the patch; but it also wasn't explicitly stated in any comments: I think a new permission to access the list of feedback messages is better than replacing the `administer feedback message entities` permission, because `administer feedback message entities` is used in `\Drupal\feedback\FeedbackMessageAccessControlHandler::checkFieldAccess()` to control field access - and it is plausible for a site admin to want some users to see a list of feedback messages without letting them modify which fields are on feedback messages.

  • 🇨🇦Canada mparker17 UTC-4

    This looks good to me now. I've merged it. Thanks everyone!

  • Automatically closed - issue fixed for 2 weeks with no activity.
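
A check that catches this class of bug before release, as an added example that is not part of the issue thread or the Feedback module's code: it collects the permissions a module defines in its `*.permissions.yml` and reports any permission string that code, entity annotations or routes reference but that is never defined. The function name `undefined_permissions`, the source labels and the sample strings are assumptions constructed for illustration.

```python
import re

# Top-level keys of a *.permissions.yml file are the statically defined permissions.
DEFINED = re.compile(r"^['\"]?([^\s'\"#:][^:'\"\n]*)['\"]?:\s*$", re.M)
# Places where Drupal code or config names a permission as a string literal.
REFERENCED = [
    re.compile(r"hasPermission\(\s*['\"]([^'\"]+)['\"]"),
    re.compile(r"allowedIfHasPermission\(\s*\$\w+\s*,\s*['\"]([^'\"]+)['\"]"),
    re.compile(r"(?:admin|collection)_permission\s*=\s*\"([^\"]+)\""),
    re.compile(r"_permission:\s*['\"]([^'\"]+)['\"]"),
]

def undefined_permissions(permissions_yml, sources):
    """Map each referenced-but-undefined permission to the sources naming it."""
    # Permissions generated by permission_callbacks are not visible statically.
    defined = set(DEFINED.findall(permissions_yml)) - {"permission_callbacks"}
    missing = {}
    for name, text in sources.items():
        for pattern in REFERENCED:
            for literal in pattern.findall(text):
                # Routes may combine permissions with "," (AND) or "+" (OR).
                for perm in re.split(r"\s*[,+]\s*", literal.strip()):
                    if perm and perm not in defined:
                        missing.setdefault(perm, []).append(name)
    return missing

# Constructed samples modelled on this issue, not the module's real files.
SAMPLE_PERMISSIONS_YML = """\
administer feedback message entities:
  title: 'Administer Feedback message entities'
view unpublished feedback message entities:
  title: 'View unpublished Feedback message entities'
"""
SAMPLE_SOURCES = {
    "entity annotation": ' *   admin_permission = "administer feedback message entities",',
    "access handler": """
      return AccessResult::allowedIfHasPermission($account, 'view feedback message entities');
      return AccessResult::allowedIfHasPermission($account, 'view unpublished feedback message entities');
    """,
    "routing": "    _permission: 'administer feedback message entities'",
}

if __name__ == "__main__":
    for perm, where in undefined_permissions(SAMPLE_PERMISSIONS_YML, SAMPLE_SOURCES).items():
        print(f"undefined permission {perm!r} referenced in: {', '.join(where)}")
```

Because Drupal denies access when a checked permission does not exist for any role, a non-empty result points at pages only the administrator account can reach.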
